MISSION
The Security Office serves as the principal staff office of the Army Support Activity for matters related to intelligence and information security. The Security Manager serves as the unit's Information Assurance Officer (IASO) and is the Career Program Manager for CP35, Defense Civilian Intelligence Personnel System (DCIPS). The office provides procedural guidance, advice, assistance, and oversight for information security, personnel security, and training to include OPSEC for all tenant units on the installation; information assurance oversight; and anti-terrorism/force protection guidance.
VISION
Security Professionals dedicated to providing premier security services to support our Soldiers, civilians, and contractor population.
Industrial Security
Responsible for the oversight of classified information possessed by industry. Provides advice regarding matters pertaining to classified contractor activities on the installation. Reviews and maintains Contractor Security Classification Guidance (DD Form 254). Manages inspection and training support programs for cleared contractors. Maintains authorization records accountability (access rosters, visit authorization letters, SOW, etc.). Provides training briefings for Contracting Officer/Contracting Officer Representatives (COR) regarding the Industrial Security Program responsibilities and procedures; liaises with contractor and government agency security representatives.
Information Security
Provides oversight for the classification, downgrading, declassification, transmission, transportation, and safeguarding of information requiring protection in the interest of national security. Provides guidance for the protection and storage of classified and sensitive information/material; proper documentation and media markings; transmission and transportation of classified information; and destruction of classified, sensitive, and personally identifiable information. Conducts courtesy inspections to assist with implementing and maintaining a unit’s security program.
Information Assurance
Ensures the integrity, availability, confidentiality, non-repudiation, and authentication of MHS ISs and networks supporting military readiness and peacetime healthcare. Develops IA policies and implementation guidance in accordance with Federal and DoD AIS security regulations, as well as creating policies based on the effectiveness of existing unit IA best practices and policies. Performs certifications and accreditations of centrally managed AISs and networks; communicates security-related IA issues or items of interest affecting the ASA; and tests, verifies, and assures that adequate security controls exist within the IT systems supporting the ASA. Provides guidance on IA responsibilities and procedures. Provides oversight of the implementation of the Information Assurance Vulnerability Alert (IAVA) process within the ASA.
Personnel Security
Provides oversight for the Personnel Security standards used in determining a person’s suitability under national security criteria for appointment or retention in the federal government. Implements policies and procedures to determine eligibility for access to classified/controlled unclassified and sensitive data and assignment to sensitive/non-sensitive positions in accordance with regulatory guidelines; processes applications for security clearances to meet investigative and adjudicative standards necessary for deployment and federal employment. Provides individual counseling to assist with adverse action taken as a result of personnel security determinations and unfavorable determinations as defined; and assists with due process procedures for appealing adverse administrative actions rendered by DoD adjudicative agencies.
Operations Security
Assists directors/commanders in the development, organization, and administration of an OPSEC program within the ASA; provides guidance and oversight to multiple subordinate OPSEC programs of various units, activities, and organizations and coordinates their actions under the ASA's OPSEC program.
Security Education & Training
Assists commanders in establishing and maintaining an effective security education program as required by regulations. Provides guidance for establishing procedures to ensure that all persons handling classified/controlled unclassified material possess the proper clearance/suitability determination and “need-to-know” is verified. Also, provides education and training tools that enable quality performance of security functions and promotes understanding of information security program policies and requirements. Maintains program oversight to ensure all personnel are given initial orientation and annual refresher training encompassing all disciplines.
IA Training For Senior Leaders
Designated Accrediting Authority (DAA)
This interactive training provides an understanding of the roles and responsibilities of the DAA. The user will learn about important issues associated with the DAA’s responsibilities and the key players that interact with the DAA, including the Principal Accrediting Authority, Chief Information Officer, Certifying Authority, Program Manager, User Representative, Information Assurance Manager (IAM), and Information Assurance Officer (IAO). This presentation also provides legal guidance relating to information system security, to include Congressional legislation, as well as Federal and Department of Defense, or DoD, policy. An overview of DoD certification and accreditation, to include details on the DoD Information Assurance Certification and Accreditation Process (DIACAP) is provided. The DAA’s responsibilities concerning system connection and the DoD IA Workforce Improvement Program are reviewed. Content contains update material on IA Workforce Specialty Categories, guidance on social networking issues, handling of leaked Government documents on the web, and information on the forthcoming Federal Risk Management Framework (RMF). The information in this product can also benefit mid-level and senior managers. (3.0 hrs)
http://iase.disa.mil/eta/daav9/daav9/launchpage.htm
IA Briefing for Senior Operational Leaders
The Information Assurance (IA) Briefing for Senior Operational Leaders presents five short scenarios based on problems observed during operations, with the actual or possible consequences that could result from the actions that caused the problems. You, as the senior leader, are challenged to consider how your planning, action, and response could lessen or eliminate these vulnerabilities. (30 min)
http://iase.disa.mil/eta/Lists/IA%20Training%20for%20Senior%20Leaders/Allitems.aspx
IA Training For IA Professionals
(http://iase.disa.mil/eta/online-catalog.html#iaprofessionals)
Physical Security for SIPRNet (DoD PKI Cert req'd)
This course is for Security Managers, Information Assurance Managers, or others tasked with providing guidance for the installation of a new or expanded SIPRNet system. This course provides guidance for the physical protection of information systems assets connected to the SIPRNet. It includes concepts of recognizing and protecting classified material in all forms, and physical and technical measures required for end-to-end protection of classified data residing on SIPRNet-connected systems. Subjects covered include the establishment and maintenance of secret secure rooms, protected distribution systems, and wall jack security. (1.5 hrs)
http://iase.disa.mil/Search/Pages/Results.aspx?k=Physical%20Security%20for%20SIPRNet&s=All%20Sites
Information Assurance for Professional Shorts
This product contains specific information related to the topics listed below.
IA Roles and Responsibilities Short introduces the Information Assurance hierarchy, including the roles and responsibilities of key leadership positions as well as the responsibilities of all Authorized Users. (25 min)
Auditing Logs for IA Managers Short introduces the auditing responsibilities of IA Managers. It describes the audit log and event information displayed by the system's auditing software. (20 min)
Security Technical Implementation Guides (STIGs) Short introduces the purpose and uses of STIGs.
SCADA Short describes how Supervisory Control and Data Acquisition systems function and significant cyber-security issues associated with DoD SCADA systems. (15 min)
FISMA Short explains what the FISMA is, why it is important, how it is implemented within the Federal government and the DoD, and identifies where to obtain guidance for FISMA responsibilities. (20 min)
IA Vulnerability Management Short describes the vulnerability management process in DoD and the tools that support the process. (20 min)
The DoD 8570.01-M IA WIP Short presents an overview of the IA Workforce Improvement Program, defines the DoD IA workforce, and outlines the IA workforce training and certification requirements. (1 hr)
The Zero Day Attack Short provides an introduction to the steps an IA professional needs to follow if they suspect that their system has been compromised by an attack which otherwise is unknown to the IA technical community (aka Zero Day Attack). (20 min)
http://iase.disa.mil/eta/Lists/IA%20Training%20for%20IA%20Professionals/Allitems.aspx
Enhancing Information Assurance Through Physical Security
This interactive course is designed for employees needing a general awareness of how the Department's Information Assurance (IA) program is enhanced through physical security. The course consists of four sections. The first section discusses the discipline of physical security, defines terms, and looks at site selection, physical perimeter, and facility controls. The second section describes some of the threats and vulnerabilities involved in protecting the Department's IA, as well as ways to protect the resources. The third section defines the various types of equipment, and addresses what some of the risks are in using them. The last section introduces policy and best practices for protecting the Department's equipment and information. (2 hrs)
http://iase.disa.mil/eta/enhanc-ia-phys-sec/
DIACAP
This training presents separate DIACAP Overview and DIACAP Implementation courses. In the DIACAP Overview course, you will learn that Department of Defense (DoD) information systems, in order to operate, must be certified and accredited, using a standard set of activities defined within the DoD Information Assurance Certification and Accreditation Process, or DIACAP. You will also learn about the DIACAP's purpose, objectives, and implementation, as well as the crucial role that enterprise risk management plays in the certification and accreditation process. DIACAP roles and responsibilities will be explained, to include the DoD enterprise governance structure, DoD Component responsibilities, and DIACAP implementation responsibilities. Further, you will be introduced to the key components of the five DIACAP activities used for DIACAP implementation. Finally, you will learn about transition to the DIACAP from the previous DoD Information Technology Security Certification and Accreditation Process, or DITSCAP. (1 hr.)
http://iase.disa.mil/Search/Pages/Results.aspx?k=DIACAP&s=All%20Sites